Introduction to DHCP

IP addresses can be configured statically or dynamically. Normally we configure static IP addresses on network devices like routers, switches, firewalls and servers while we dynamically assign IP addresses to computers, laptops, tablets, smartphones etc. The dynamic method uses DHCP (Dynamic Host Configuration Protocol) and in this short lesson I want to show you how it works.

On the left side we have a computer without an IP address. On the right side there’s a DHCP server configured with static IP address 192.168.1.254. This DHCP server will supply an IP address to our computer. This is how it works:

The computer will send a DHCP discover message. This is a broadcast because it doesn’t have an IP address and it doesn’t know if there is a DHCP server on the network. Of course in our scenario we do have a DHCP server so it will respond to this broadcast as follows:

The DHCP server will respond with a DHCP offer message which contains an IP address for the computer (we have to configure the DHCP server to define which IP addresses we want to give). If we want we can also assign a default gateway and DNS server(s) to the computer. The computer will respond to this information:

The computer will send a DHCP Request in response to the DHCP offer message, asking nicely if it’s OK to use the information that it has received. Our DHCP server will respond to this as follows:

The DHCP server will respond with a DHCP ACK message to tell the computer it’s OK to use this information. Now that you have an idea what DHCP is like, let’s take a closer look at the packets in Wireshark:

Above you see the 4 DHCP packets in Wireshark. If you want to capture this yourself you need to filter on bootp messages since DHCP uses the bootstrap protocol. In the DHCP discover message you can see that the computer has no IP address (0.0.0.0) and is broadcasting this to IP address 255.255.255.255. The DHCP offer is from our DHCP server (192.168.1.254).

Above you see the DHCP discover message. First of all you see the source MAC address of the computer and the destination MAC address is FF:FF:FF:FF:FF:FF (broadcast). It doesn’t have an IP address (0.0.0.0). DHCP uses the bootstrap protocol and you can see the source port (68) and destination port (67). Now let’s take a closer look at the DHCP offer:
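The same fields can be read directly from the UDP payload, for both the discover and the offer. The Python parser below is an added example, not part of the original lesson; the MAC address, transaction ID and offered address 192.168.1.10 are constructed sample values, and the option numbers (53 message type, 54 server identifier, 3 router) are the standard DHCP option codes.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")  # header + magic cookie
MAGIC = bytes([99, 130, 83, 99])
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}  # as in lesson

def parse_options(data):
    """Walk the code/length/value list: 0 is padding, 255 ends the list."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option %d is truncated" % data[i])
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def ip_option(opts, code):
    value = opts.get(code, b"")
    return socket.inet_ntoa(value[:4]) if len(value) >= 4 else None

def parse_dhcp(payload):
    """Parse the UDP payload of a DHCP message (client port 68, server 67)."""
    if len(payload) < BOOTP.size or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, bootfile, _magic) = BOOTP.unpack_from(payload)
    opts = parse_options(payload[BOOTP.size:])
    msg_type = (opts.get(53) or b"\x00")[0]
    return {"type": MSG_TYPES.get(msg_type, "OTHER"), "xid": xid,
            "client_mac": chaddr[:hlen].hex(":"),
            "your_ip": socket.inet_ntoa(yiaddr),
            "server_id": ip_option(opts, 54), "router": ip_option(opts, 3)}

def sample(op, msg_type, your_ip="0.0.0.0", extra=b""):
    """Build a constructed message for the demo (MAC and xid are made up)."""
    header = BOOTP.pack(op, 1, 6, 0, 0x1A2B3C4D, 0, 0, bytes(4),
                        socket.inet_aton(your_ip), bytes(4), bytes(4),
                        bytes.fromhex("001122334455"), b"", b"", MAGIC)
    return header + bytes([53, 1, msg_type]) + extra + b"\xff"

DISCOVER = sample(1, 1)
OFFER = sample(2, 2, "192.168.1.10",
               bytes([54, 4, 192, 168, 1, 254, 3, 4, 192, 168, 1, 254]))

if __name__ == "__main__":
    print(parse_dhcp(DISCOVER), parse_dhcp(OFFER), sep="\n")
```

The discover parses with `your_ip` 0.0.0.0 and no server identifier, while the offer carries the address being handed out and identifies the server as 192.168.1.254.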

Forum Replies

Nice explanation. Crisp and to the point. I have one question though.
How would the client identify the Offer and the Ack messages that the server sends? In other words, how would the client understand that it is the intended recipient of those messages from the DHCP server? Say, for instance, two new clients are connected to the network at the same time, then there would be two sets of offer and ack messages broadcast from the server. How would each client pick the right message?

Dear Rene/Andrew,
Thank you for this great lesson. Mr Andrew with reference to your reply # 27608 above particularly this point " Additionally, you may notice that all communication from the DHCP server at layer 2 is unicast. The reason for this is because the DHCP server obtained the client’s MAC address when the client sent out its initial Discover message.", I am still confused on where broadcast happens and where unicast happens. From the Wireshark captures above I do not see Unicast happening anywhere. Even for Offer and Ack from the server the dest mac ad

This is an excellent question and it shows that you’re thinking deeply about the subject. It is true that the DHCPOFFER when sent can technically be sent using a unicast MAC address since the MAC address of the host making the request, and thus the destination of the DHCPOFFER frame, is known. However, some operating systems and NIC drivers don’t always use this logic when operating DHCP.

Some client implementations are unable to receive such unicast frames until the implementation has been configured with a valid IP address. Remember, when we en

DHCP can provide a multitude of information to hosts. The most common implementations include IP address, subnet mask, default gateway and DNS server. There are many more elements that DHCP can offer and these are called DHCP options. Some of the most common include NTP servers, log servers, cookie servers, interface MTU, default TCP TTL, NetBIOS name server and IRC chat server to name just a few.

These options are indicated using an option number. DHCP option numbers can range anywhere from 0 to 255. Some of these numbers are standard vendo